1234567891011121314151617181920212223 |
- Subject: Fix NULL pointer dereference get_ipv6_l4proto()
- ID: CVE-2019-8376
- Origin: v4.3.1-2-gecee2ace <https://github.com/appneta/tcpreplay/commit/v4.3.1-2-gecee2ace>
- Upstream-Author: Gabriel Ganne <gabriel.ganne@mindmaze.ch>
- Date: Wed Mar 6 14:31:08 2019 +0100
- Bug-Debian: https://bugs.debian.org/922624
- get_ipv6_next() returns NULL on malformed packets. If that happens
- return the last proto that could be read.
- This should fix issue #537
- --- a/src/common/get.c
- +++ b/src/common/get.c
- @@ -536,6 +536,8 @@
- case TCPR_IPV6_NH_HBH:
- dbgx(3, "Jumping to next extension header (0x%hhx)", proto);
- exthdr = get_ipv6_next((struct tcpr_ipv6_ext_hdr_base *)ptr, len);
- + if (exthdr == NULL)
- + return proto;
- proto = exthdr->ip_nh;
- ptr = (u_char *)exthdr;
- break;
|